Manual:$wgReauthenticateTime

Authentication: $wgReauthenticateTime
Time frame for re-authentication
Introduced in version: 1.27.0 (Gerrit change 195297; git #d245bd25)
Removed in version: Still in use
Allowed values: (associative array of operation => time in seconds. A default key must always be provided.)
Default value: [ 'default' => 300, ]

Certain security-sensitive operations like changing a user's password or email address should involve re-checking the user's identity, as otherwise they would allow stealing an account just by getting access to a logged-in session (e.g. when the owner has left their laptop unguarded for a few minutes). With only password-based authentication, you'd just add an extra field to the form and ask the user to re-enter their password. But under AuthManager, the user might not have a password; authenticating might involve complex steps that cannot be handled with extra form fields (e.g. redirecting the browser to some third-party service); you might want to check both factors of a two-factor authentication; and so on. So, the options are:

  • Add the full multi-step authentication flow to everything that needs to run it.
  • Consider it acceptable if Special:UserLogin was used during the session within the last X seconds.
  • A third option is possible.

MediaWiki currently takes the second option and forces the user to log in again if the last login was too long ago. This setting configures the "X seconds". Different time frames can be set for different "operations". The operation names are typically the names of the special pages which perform them; they include:

  • LinkAccounts
  • UnlinkAccount
  • ChangeCredentials
  • RemoveCredentials
  • ChangeEmail

Additional operations may be used by extensions, either explicitly by calling AuthManager::securitySensitiveOperationStatus(), ApiAuthManagerHelper::securitySensitiveOperation() or SpecialPage::checkLoginSecurityLevel(), or implicitly by overriding SpecialPage::getLoginSecurityLevel() or by subclassing AuthManagerSpecialPage.

The default key is used if the requested operation is not defined in the array.
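
A worked illustration of the per-operation lookup and the default fallback described above. This is an added example, not MediaWiki's own code. The operation name MyExtensionExportKeys, the function needsReauthentication(), the timestamps and the stricter time frames are hypothetical sample values.

```php
<?php
// LocalSettings.php-style value with per-operation time frames (sample values).
// 'MyExtensionExportKeys' is a hypothetical operation name used by an extension.
$wgReauthenticateTime = [
	'default' => 300,              // fallback for any operation not listed here
	'ChangeCredentials' => 60,     // stricter: login must be at most 60 s old
	'RemoveCredentials' => 60,
	'ChangeEmail' => 120,
	'MyExtensionExportKeys' => 30,
];

/**
 * Illustrative model of the check (not MediaWiki's implementation):
 * must the user log in again before performing $operation?
 */
function needsReauthentication(
	array $times, string $operation, int $lastLogin, int $now
): bool {
	// The default key is mandatory; treat its absence as a configuration error.
	if ( !isset( $times['default'] ) ) {
		throw new UnexpectedValueException( 'A default key must always be provided' );
	}
	// Use the operation's own time frame, else fall back to 'default'.
	$window = $times[$operation] ?? $times['default'];
	// Clamp at zero so a clock skew cannot produce a negative age.
	$elapsed = max( 0, $now - $lastLogin );
	return $elapsed > $window;
}

// Constructed timestamps: the user logged in 90 seconds ago.
$now = 1700000000;
$lastLogin = $now - 90;

// LinkAccounts is not listed above, so it uses the 'default' time frame.
foreach ( [ 'ChangeCredentials', 'ChangeEmail', 'LinkAccounts' ] as $op ) {
	$again = needsReauthentication( $wgReauthenticateTime, $op, $lastLogin, $now );
	printf( "%-18s %s\n", $op, $again ? 'log in again' : 'allowed' );
}
```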

See also